Certificate Viewer

Disclaimer

This essay does not describe an existing computer program, just one that should exist. This essay is about a suggested student project in
Java programming. This essay gives a rough overview of how it might work. I have no source, object, specifications, file layouts or anything
else useful to implementing this project. Everything I have prepared to help you is right here.

This project outline is not like the artificial, tidy little problems you are spoon-fed in school, where all the facts you need are included, nothing extraneous is mentioned and the answer is
fully specified, along with hints to nudge you toward a single expected canonical solution. This project is much more like the real world of messy problems, where it is up to you to fully
define the end point, or a series of ever more difficult versions of this project, and research the information yourself to solve them.

Everything I have to say to help you with this project is written below. I am not prepared to help you implement it or give you any additional materials. I have too many
other projects of my own.

Though I am a programmer by profession, I don’t do people’s homework for them. That just robs them of an education.

You have my full permission to implement this project in any way you please and to keep all the profits from your endeavour.

Please do not email me about this project without reading the disclaimer above.

Digital certificates are not plain text.

You can’t tell just by looking at them whether they include the private
key.

You can’t tell just by looking at them what root certificate backs them up.

You can’t tell just by looking at them what kind they are and what they are
for.

You can’t decipher much of the information encoded in binary or encrypted
form.

I have always been nervous that I might accidentally give away the private portion
of my certificate when I did not intend to. I would like a way of ensuring I don’t.

I would like you to write a certificate viewer. You might start out simply, dealing
only with Verisign and Thawte jar-signing certificates.

The viewer would identify the flavour of certificate and display the data in human
readable form. It would tell you if the private key were included. It would identify the
wrapper type and whether it was binary or ASCII-encoded.
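
A first cut at that identification step, as an added example that is not the author's code: it classifies a file as PEM (ASCII), bare DER, JKS, JCEKS or PKCS#12 and reports whether private key material is present. The class name CertSniffer and the command-line arguments (file path, optional keystore password) are assumptions, and it handles more wrapper types than the jar-signing case alone.

```java
import java.io.ByteArrayInputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import java.util.regex.*;
public class CertSniffer {                       // hypothetical class name
    public static void main(String[] args) throws Exception {
        byte[] data = Files.readAllBytes(Paths.get(args[0]));
        // Optional password; with null, KeyStore.load skips the integrity check.
        char[] password = args.length > 1 ? args[1].toCharArray() : null;
        CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        Matcher pem = Pattern.compile("-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \\1-----",
                Pattern.DOTALL).matcher(new String(data, StandardCharsets.ISO_8859_1));
        while (pem.find()) {                     // ASCII (PEM) wrapper: one or more labelled blocks
            String label = pem.group(1);
            // PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY all carry the secret half.
            System.out.println("PEM block: " + label + (label.endsWith("PRIVATE KEY") ? "  ** PRIVATE KEY **" : ""));
            if (label.equals("CERTIFICATE")) {
                byte[] der = Base64.getMimeDecoder().decode(pem.group(2));
                describe(x509.generateCertificate(new ByteArrayInputStream(der)));
            }
        }
        if (pem.reset().find()) return;          // at least one PEM block was reported above
        if (data.length < 4) throw new IllegalArgumentException("file too short to classify");
        int magic = ByteBuffer.wrap(data).getInt();   // JKS and JCEKS start with fixed magic numbers
        String type = magic == 0xFEEDFEED ? "JKS" : magic == 0xCECECECE ? "JCEKS" : "PKCS12";
        if (type.equals("PKCS12")) {             // no magic: must be DER, which starts with SEQUENCE (0x30)
            if (data[0] != 0x30) throw new IllegalArgumentException("unrecognised format");
            try {                                // a bare DER certificate parses; a PKCS#12 container does not
                describe(x509.generateCertificate(new ByteArrayInputStream(data)));
                System.out.println("Wrapper: binary DER X.509 certificate, no private key in this file");
                return;
            } catch (CertificateException notABareCertificate) { /* try it as a keystore below */ }
        }
        System.out.println("Wrapper: binary keystore, type " + type);
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(new ByteArrayInputStream(data), password);
        for (String alias : Collections.list(ks.aliases()))
            System.out.println("  " + alias + (ks.isKeyEntry(alias) ? ": ** PRIVATE KEY **" : ": certificate only"));
    }
    static void describe(Certificate cert) {
        X509Certificate c = (X509Certificate) cert;
        System.out.println("  subject: " + c.getSubjectX500Principal() + "\n  issuer:  "
                + c.getIssuerX500Principal() + "\n  valid:   " + c.getNotBefore() + " to " + c.getNotAfter());
    }
}
```

The program only reads the named file and prints to the console; it opens no network connection, which is the property a reader of the published source would want to confirm.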

Once you got that going, you could work on verifying the certificate, even doing an
online check to ensure it was not revoked.

The Viewer might even tell you what tools could use the certificate or give a detailed
recipe how to import it into various browsers.

You would have to publicly release the source for the viewer to prove you did
nothing disreputable. Your code could potentially send you, its author, a copy
of any certificate it viewed, including the private key.

As a companion product, you might write a Certificate Amanuensis. You
tick off whether you want jar signing, email protection, SSL (Secure Sockets Layer)
etc., what browsers you want it to work in, and so on. It then tells you what kind of
certificate you need and its rough cost, and gives you some URLs (Uniform Resource Locators)
where you can buy it. It would also tell you what tools you will need to use the
certificate and point you to some URLs
where they are described. It would also give instructions on how to create a phony
certificate.

Combined with logic from the Certificate Viewer, it might also, given a certificate,
tell you how to install it in various browsers and how to install its signing authority
root.

Here is the source code for a simple Certificate viewer:

IBM (International Business Machines) has written a free certificate viewer and manager called
keyman that you might use as a
model.